EU-U.S. Data Privacy Framework (EU-U.S. DPF), UK Extension to the EU-U.S. DPF, and Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) Verification


Recognized EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF* Verification

The EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, which are administered by the U.S. Department of Commerce’s International Trade Administration (ITA) under the Data Privacy Framework (DPF) Program, require companies to meet stringent requirements to protect the personal data of Europeans, which are subject to enforcement by the U.S. Federal Trade Commission (FTC) and the U.S. Department of Transportation (DOT). The DPF Program, which was developed to facilitate transatlantic data flows, supersedes the Privacy Shield Program as of July 2023.
Demonstrating EU-U.S. DPF and, as applicable, UK Extension to the EU-U.S. DPF, and/or Swiss-U.S. DPF verification is critical for your global compliance and data transfer mechanisms.
  • Privacy-compliant data flows. Ensure compliant data mechanisms from the EU and, as applicable, the UK (and Gibraltar), and/or Switzerland to the United States as a DPF Program-verified company, ensuring no delay in business operations across your markets.
  • Operationalize your data mechanisms for accountability. This includes strong privacy notices and meeting other strong privacy requirements outlined in the relevant part(s) of the DPF Program.
  • Reputation & Trust. Enhance your reputation and trust with trade partners, investors, customers, and regulators compliance to an internationally recognized standard with a verified seal. Show your commitment to protecting personal data and privacy.

*Note: To participate in the UK Extension to the EU-U.S. DPF an organization must also participate in the EU-U.S. DPF, whereas it is possible to participate exclusively in either the EU-U.S. DPF or the Swiss-U.S. DPF.

Data Protection Framework Verification Packages

Our verification capabilities include verification, and independent recourse mechanism to complete your organization’s needs. Compliance can be reviewed for customer data, employee data, or both and includes specific adherence criteria that aligns to the Data Privacy Framework.

Prepare for EU-U.S. DPF and, as applicable, UK Extension to the EU-U.S. DPF, and/or Swiss-U.S. DPF Self-Certification

We provide a range of solutions to meet your DPF Program verification and dispute resolution (independent recourse mechanism) needs. We can review compliance for customer data, employee data, or both.


* Independent Recourse Mechanism, or essentially your Dispute Resolution (DR), for Customer inquiries can be managed by TRUSTe. DR must be provided by relevant EU data protection authority/ies (EU DPA(s)), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and/ or the Swiss Federal Data Protection and Information Commissioner (FDPIC) (as applicable) for HR inquiries.

The TRUSTe Assurance Process

Privacy Profile Laptop

Conduct Privacy Review

Together, we work with you to conduct a privacy analysis to understand your data policies and practices.

Cookie Consent Desktop

Demonstrate Compliance

Survey questions guide you through the requirements to ensure you’re complying with the DPF Principles.

Customized Action Plan

TrustArc team provides an Action Plan for how to meet DPF Principles. Action Plan includes a gap analysis, written guidance on compliance posture, and remediation recommendations to achieve compliance.
Privacy Profile Laptop

Remediation & Verification

Collect, compile, or generate documents or processes to demonstrate compliance.

Cookie Consent Desktop

Privacy Notice Review & Seal Issuance

A TRUSTe-reviewed Privacy Notice, a Letter of Attestation, and seals for public posting. We serve as your Verification Agent for your DPF Program self-certification submission to the U.S. Department of Commerce’s International Trade Administration (ITA).

Ongoing Monitoring & Guidance

All assessment work and supporting documentation for an audit trail is available along with ongoing compliance monitoring. Our dispute resolution service option provides privacy expertise to handle privacy inquiries and address disputes.

Access to Operational Templates

As part of your verification process, you have access to 800+ Operational templates to help your organization operationalize privacy quickly.
Leveraging Operational Templates reduces documentation time by 50% and can speed up your Remediation work.
Populated template documents include:

  • Spreadsheets
  • Checklists
  • Case studies
  • Policies
  • Procedures
  • Annotations
  • Guides
  • Real-world sample materials
Operational Templates

Strengthen your Data Privacy Compliance

Ensure your business operations remain resilient when it comes to transatlantic transfers of personal data.